Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch59
-rw-r--r--meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch35
-rw-r--r--meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch47
-rw-r--r--meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch111
-rwxr-xr-xmeta/recipes-connectivity/openssh/openssh/run-ptest17
-rw-r--r--meta/recipes-connectivity/openssh/openssh/ssh_config14
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd2
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.service18
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.socket1
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_check_keys6
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config17
-rw-r--r--meta/recipes-connectivity/openssh/openssh_10.0p1.bb224
-rw-r--r--meta/recipes-connectivity/openssh/openssh_8.4p1.bb179
13 files changed, 373 insertions, 357 deletions
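diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
new file mode 100644
index 0000000000..f424288e37
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-banner.sh-log-input-and-output-files-on-erro.patch
@@ -0,0 +1,59 @@
+From 5cc897fe2effe549e1e280c2f606bce8b532b61e Mon Sep 17 00:00:00 2001
+From: Mikko Rapeli <mikko.rapeli@linaro.org>
+Date: Mon, 11 Sep 2023 09:55:21 +0100
+Subject: [PATCH] regress/banner.sh: log input and output files on error
+
+Some test environments like yocto with qemu are seeing these
+tests failing. There may be additional error messages in the
+stderr of ssh cloent command. busybox cmp shows this error when
+first input file has less new line characters then second
+input file:
+
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+
+Logging the full banner.out will show what other error messages
+are captured in addition of the expected banner.
+
+Full log of a failing banner test runs is:
+
+run test banner.sh ...
+test banner: missing banner file
+test banner: size 0
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+banner size 0 mismatch
+test banner: size 10
+test banner: size 100
+cmp: EOF on /usr/lib/openssh/ptest/regress/banner.in
+banner size 100 mismatch
+test banner: size 1000
+test banner: size 10000
+test banner: size 100000
+test banner: suppress banner (-q)
+FAIL: banner
+return value: 1
+
+See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178
+
+Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/437]
+
+Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+---
+ regress/banner.sh | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/regress/banner.sh b/regress/banner.sh
+index a84feb5..de84957 100644
+--- a/regress/banner.sh
++++ b/regress/banner.sh
+@@ -32,7 +32,9 @@ for s in 0 10 100 1000 10000 100000 ; do
+ verbose "test $tid: size $s"
+ ( ${SSH} -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+ cmp $OBJ/banner.in $OBJ/banner.out ) || \
+- fail "banner size $s mismatch"
++ ( verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; \
++ verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; \
++ fail "banner size $s mismatch" )
+ done
+
+ trace "test suppress banner (-q)"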
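Review bot: The replacement for `fail "banner size $s mismatch"` runs `fail` inside a `( … )` subshell, so anything `fail` records in shell variables is discarded when the subshell exits. If the harness tracks the result that way (I believe test-exec.sh's `fail` sets a result variable, but its body is not shown here), a banner mismatch would be logged yet no longer fail the test. A brace group keeps the call in the current shell: `{ verbose "Contents of $OBJ/banner.in:"; cat $OBJ/banner.in; verbose "Contents of $OBJ/banner.out:"; cat $OBJ/banner.out; fail "banner size $s mismatch"; }`. The enclosing `for` loop starts outside the hunk.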
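diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
new file mode 100644
index 0000000000..360b62af34
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
@@ -0,0 +1,35 @@
+From 9dcccafe44ea17e972e7cddea205bbe9fe71d8d6 Mon Sep 17 00:00:00 2001
+From: Jose Quaresma <jose.quaresma@foundries.io>
+Date: Mon, 15 Jul 2024 18:43:08 +0100
+Subject: [PATCH] regress/test-exec: use the absolute path in the SSH env
+
+The SSHAGENT_BIN was changed in [1] to SSH_BIN but
+the last one don't use the absolute path and consequently
+the function increase_datafile_size can loops forever
+if the binary not found.
+
+[1] https://github.com/openssh/openssh-portable/commit/a68f80f2511f0e0c5cef737a8284cc2dfabad818
+
+Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/510]
+
+Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
+---
+ regress/test-exec.sh | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/regress/test-exec.sh b/regress/test-exec.sh
+index 8a00c72..2891f27 100644
+--- a/regress/test-exec.sh
++++ b/regress/test-exec.sh
+@@ -179,6 +179,11 @@ if [ "x$TEST_SSH_OPENSSL" != "x" ]; then
+ fi
+
+ # Path to sshd must be absolute for rexec
++case "$SSH" in
++/*) ;;
++*) SSH=`which $SSH` ;;
++esac
++
+ case "$SSHD" in
+ /*) ;;
+ *) SSHD=`which $SSHD` ;;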
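Review bot: The added `*)` arm that resolves `$SSH` through `which` assigns an empty string when the lookup fails, so a missing client binary is still not reported where it is detected; the commit message describes the resulting hang, but the hunk has no failure path. Checking the result makes the harness stop early, e.g. `*) SSH=$(command -v "$SSH") || { echo "ssh client not found in PATH" >&2; exit 1; } ;;`, which also avoids depending on a separate `which` binary. The comment above the new case still reads "Path to sshd must be absolute", and the SSHD case it belongs to continues past the end of the hunk.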
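diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
deleted file mode 100644
index b8402a4dee..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Adjust test cases to work with busybox.
-
-- Replace dd parameter "obs" with "bs".
-- Replace "head -<num>" with "head -n <num>".
-
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
-Upstream-Status: Pending
-
-Index: openssh-7.6p1/regress/cipher-speed.sh
-===================================================================
---- openssh-7.6p1.orig/regress/cipher-speed.sh
-+++ openssh-7.6p1/regress/cipher-speed.sh
-@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
- printf "%-60s" "$c/$m:"
- ( ${SSH} -o 'compression no' \
- -F $OBJ/ssh_proxy -m $m -c $c somehost \
-- exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+ exec sh -c \'"dd of=/dev/null bs=32k"\' \
- < ${DATA} ) 2>&1 | getbytes
-
- if [ $? -ne 0 ]; then
-Index: openssh-7.6p1/regress/transfer.sh
-===================================================================
---- openssh-7.6p1.orig/regress/transfer.sh
-+++ openssh-7.6p1/regress/transfer.sh
-@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY} || fail "corrupted
- for s in 10 100 1k 32k 64k 128k 256k; do
- trace "dd-size ${s}"
- rm -f ${COPY}
-- dd if=$DATA obs=${s} 2> /dev/null | \
-+ dd if=$DATA bs=${s} 2> /dev/null | \
- ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- if [ $? -ne 0 ]; then
- fail "ssh cat $DATA failed"
-Index: openssh-7.6p1/regress/key-options.sh
-===================================================================
---- openssh-7.6p1.orig/regress/key-options.sh
-+++ openssh-7.6p1/regress/key-options.sh
-@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
- fi
-
- sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
-- from=`head -1 $authkeys | cut -f1 -d ' '`
-+ from=`head -n 1 $authkeys | cut -f1 -d ' '`
- verbose "key option $from"
- r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
- if [ "$r" = "true" ]; then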
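diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
deleted file mode 100644
index 20036da931..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
-From: Yuanjie Huang <yuanjie.huang@windriver.com>
-Date: Wed, 24 Aug 2016 03:15:43 +0000
-Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
-
-Pointer arithmatic results in implementation defined signed integer
-type, so that 's - src' in strlcpy and others may trigger signed overflow.
-In case of compilation by gcc or clang with -ftrapv option, the overflow
-would lead to program abort.
-
-Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
-
-Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
-
-Complete the fix
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- openbsd-compat/strlcat.c | 10 +++++++---
- openbsd-compat/strlcpy.c | 8 ++++++--
- openbsd-compat/strnlen.c | 8 ++++++--
- 3 files changed, 19 insertions(+), 7 deletions(-)
-
-diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
-index bcc1b61..124e1e3 100644
---- a/openbsd-compat/strlcat.c
-+++ b/openbsd-compat/strlcat.c
-@@ -23,6 +23,7 @@
-
- #include <sys/types.h>
- #include <string.h>
-+#include <stdint.h>
-
- /*
- * Appends src to string dst of size siz (unlike strncat, siz is the
-@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz)
- /* Find the end of dst and adjust bytes left but don't go past end */
- while (n-- != 0 && *d != '\0')
- d++;
-- dlen = d - dst;
-+ dlen = (uintptr_t)d - (uintptr_t)dst;
- n = siz - dlen;
-
- if (n == 0)
-@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
- s++;
- }
- *d = '\0';
--
-- return(dlen + (s - src)); /* count does not include NUL */
-+ /*
-+ * Cast pointers to unsigned type before calculation, to avoid signed
-+ * overflow when the string ends where the MSB has changed.
-+ */
-+ return (dlen + ((uintptr_t)s - (uintptr_t)src)); /* count does not include NUL */
- }
-
- #endif /* !HAVE_STRLCAT */
-diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
-index b4b1b60..b06f374 100644
---- a/openbsd-compat/strlcpy.c
-+++ b/openbsd-compat/strlcpy.c
-@@ -23,6 +23,7 @@
-
- #include <sys/types.h>
- #include <string.h>
-+#include <stdint.h>
-
- /*
- * Copy src to string dst of size siz. At most siz-1 characters
-@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
- while (*s++)
- ;
- }
--
-- return(s - src - 1); /* count does not include NUL */
-+ /*
-+ * Cast pointers to unsigned type before calculation, to avoid signed
-+ * overflow when the string ends where the MSB has changed.
-+ */
-+ return ((uintptr_t)s - (uintptr_t)src - 1); /* count does not include NUL */
- }
-
- #endif /* !HAVE_STRLCPY */
-diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
-index 7ad3573..7040f1f 100644
---- a/openbsd-compat/strnlen.c
-+++ b/openbsd-compat/strnlen.c
-@@ -23,6 +23,7 @@
- #include <sys/types.h>
-
- #include <string.h>
-+#include <stdint.h>
-
- size_t
- strnlen(const char *str, size_t maxlen)
-@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
-
- for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
- ;
--
-- return (size_t)(cp - str);
-+ /*
-+ * Cast pointers to unsigned type before calculation, to avoid signed
-+ * overflow when the string ends where the MSB has changed.
-+ */
-+ return (size_t)((uintptr_t)cp - (uintptr_t)str);
- }
- #endif
---
-2.17.1
-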
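diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
index ae03e929b2..c9100f9f37 100755
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -1,11 +1,26 @@
 #!/bin/sh
 
+export TEST_SSH_SSH=ssh
 export TEST_SHELL=sh
 export SKIP_UNIT=1
 
 cd regress
+
+# copied from openssh-portable/.github/run_test.sh
+output_failed_logs() {
+ for i in failed*.log; do
+ if [ -f "$i" ]; then
+ echo -------------------------------------------------------------------------
+ echo LOGFILE $i
+ cat $i
+ echo -------------------------------------------------------------------------
+ fi
+ done
+}
+trap output_failed_logs 0
+
 sed -i "/\t\tagent-ptrace /d" Makefile
-make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
+make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="" tests \
  | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
 
 SSHAGENT=`which ssh-agent`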
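Review bot: In the new `output_failed_logs`, `echo LOGFILE $i` and `cat $i` expand `$i` unquoted even though the `[ -f "$i" ]` test directly above quotes it; `echo "LOGFILE $i"` and `cat "$i"` would be consistent and safe against odd file names. The `make` line also changes `SUDO="sudo"` to `SUDO=""`, which presumably means the suite is expected to run as root already; a one-line comment saying so would tell integrators why privileged tests no longer escalate. The script continues past the last visible line.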
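diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index e0d023803e..cb2774a163 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
+# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file. See
 # ssh_config(5) for more information. This file provides defaults for
@@ -17,11 +17,11 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
 
-Host *
- ForwardAgent yes
- ForwardX11 yes
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
+Include /etc/ssh/ssh_config.d/*.conf
+
+# Host *
+# ForwardAgent no
+# ForwardX11 no
 # PasswordAuthentication yes
 # HostbasedAuthentication no
 # GSSAPIAuthentication no
@@ -36,7 +36,6 @@ Host *
 # IdentityFile ~/.ssh/id_ecdsa
 # IdentityFile ~/.ssh/id_ed25519
 # Port 22
-# Protocol 2
 # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
 # MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 # EscapeChar ~
@@ -46,3 +45,4 @@ Host *
 # VisualHostKey no
 # ProxyCommand ssh -q -W %h:%p gateway.example.com
 # RekeyLimit 1G 1h
+# UserKnownHostsFile ~/.ssh/known_hosts.d/%k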
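Review bot: The new uncommented `Include /etc/ssh/ssh_config.d/*.conf` sits ahead of every other directive, and because ssh keeps the first value it obtains for each option, any drop-in now overrides whatever this file sets below it. The same applies to the `Include /etc/ssh/sshd_config.d/*.conf` added to sshd_config in this commit, where drop-ins can therefore change authentication settings such as `KbdInteractiveAuthentication no`. Neither file says so, and the install steps of the recipe added in this commit do not visibly create either directory with a fixed owner and mode. I would add a comment above each Include, e.g. `# Drop-in files are read first and take precedence over the settings below`, and have the recipe install both directories root-owned and not group- or world-writable.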
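diff --git a/meta/recipes-connectivity/openssh/openssh/sshd b/meta/recipes-connectivity/openssh/openssh/sshd
index 4882e58b48..cf675a4dad 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd
+++ b/meta/recipes-connectivity/openssh/openssh/sshd
@@ -7,4 +7,4 @@ password include common-password
 session optional pam_keyinit.so force revoke
 session include common-session
 session required pam_loginuid.so
-
+session required pam_env.so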
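Review bot: The new `session required pam_env.so` line makes session setup fail if that module is not present on the image, and the recipe added in this commit lists only `pam-plugin-keyinit pam-plugin-loginuid` in `RDEPENDS:${PN}-sshd` for the pam case. Unless something else pulls the module in, a PAM-enabled image could reject every SSH session. Either add the module's package to that RDEPENDS (presumably `pam-plugin-env`, following the naming of the two already listed; please confirm) or relax the line to `session optional pam_env.so`. The PAM file starts above the hunk.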
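diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
new file mode 100644
index 0000000000..c71fff1cc1
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=OpenSSH server daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=nss-user-lookup.target
+
+[Service]
+Type=notify-reload
+Environment="SSHD_OPTS="
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
+ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS
+KillMode=process
+Restart=on-failure
+RestartSec=42s
+
+[Install]
+WantedBy=multi-user.target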
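Review bot: The leading `-` in `ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS` tells systemd to treat a failing exit as success, so an sshd that dies on a bad configuration or a missing host key would leave the unit looking healthy and, as far as I can tell, would not trigger `Restart=on-failure` for exit-code failures. Dropping the prefix, `ExecStart=@SBINDIR@/sshd -D $SSHD_OPTS`, lets the failure show in the unit state and the restart policy apply. `Type=notify-reload` also depends on a systemd recent enough to know that type and on sshd sending readiness notifications; a short comment in the unit stating those minimum versions would help integrators.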
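diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 8d76d62309..7dd2ed0626 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,6 +1,7 @@
 [Unit]
 Conflicts=sshd.service
 Wants=sshdgenkeys.service
+After=nss-user-lookup.target
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd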
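diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 1931dc7153..bbb6a14908 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -6,8 +6,9 @@ generate_key() {
  local DIR="$(dirname "$FILE")"
 
  mkdir -p "$DIR"
+ rm -f ${FILE}.tmp
  ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
-
+ chmod go-rwx "$FILE.tmp"
  # Atomically rename file public key
  mv -f "${FILE}.tmp.pub" "${FILE}.pub"
 
@@ -56,8 +57,7 @@ while true ; do
  esac
 done
 
-HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}")
-[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
+HOST_KEYS=$(sshd -G -f "${sshd_config}" | grep -i '^hostkey ' | cut -f2 -d' ')
 
 for key in ${HOST_KEYS} ; do
  [ -f $key ] && continue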
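Review bot: With the default-key fallback removed in the second hunk, an empty `HOST_KEYS` now passes silently: if `sshd -G -f "${sshd_config}"` fails (a configuration error, or an included drop-in that does not parse), the pipeline still ends with `cut`'s status and the `for key in ${HOST_KEYS}` loop generates nothing. A guard right after the assignment would surface that before sshd is started without keys, e.g. `[ -n "${HOST_KEYS}" ] || { echo "sshd -G reported no HostKey for ${sshd_config}" >&2; exit 1; }`. In the first hunk `rm -f ${FILE}.tmp` is unquoted while the neighbouring lines use `"${FILE}.tmp"`; `rm -f "${FILE}.tmp"` would match them. Both hunks sit inside code that continues outside the visible lines.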
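diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 15f061b570..e9eaf93157 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
+# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -10,6 +10,8 @@
 # possible, but leave them commented. Uncommented options override the
 # default value.
 
+Include /etc/ssh/sshd_config.d/*.conf
+
 #Port 22
 #AddressFamily any
 #ListenAddress 0.0.0.0
@@ -57,9 +59,9 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
+# Change to yes to enable keyboard-interactive authentication (beware issues
+# with some PAM modules and threads)
+KbdInteractiveAuthentication no
 
 # Kerberos options
 #KerberosAuthentication no
@@ -73,13 +75,13 @@ ChallengeResponseAuthentication no
 
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
+# be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
+# PAM authentication via KbdInteractiveAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
+# and KbdInteractiveAuthentication to 'no'.
 #UsePAM no
 
 #AllowAgentForwarding yes
@@ -92,7 +94,6 @@ ChallengeResponseAuthentication no
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-#UseLogin no
 #PermitUserEnvironment no
 Compression no
 ClientAliveInterval 15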
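diff --git a/meta/recipes-connectivity/openssh/openssh_10.0p1.bb b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb
new file mode 100644
index 0000000000..a044aec063
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb
@@ -0,0 +1,224 @@
+SUMMARY = "A suite of security-related network utilities based on \
+the SSH protocol including the ssh client and sshd server"
+DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
+Ssh (Secure Shell) is a program for logging into a remote machine \
+and for executing commands on a remote machine."
+HOMEPAGE = "http://www.openssh.com/"
+SECTION = "console/network"
+LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=78ffb36e5a48c0d8c5648603a3b6c8eb"
+
+DEPENDS = "zlib openssl virtual/crypt"
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+ file://sshd_config \
+ file://ssh_config \
+ file://init \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+ file://sshd.service \
+ file://sshd.socket \
+ file://sshd@.service \
+ file://sshdgenkeys.service \
+ file://volatiles.99_sshd \
+ file://run-ptest \
+ file://sshd_check_keys \
+ file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
+ file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \
+ "
+SRC_URI[sha256sum] = "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c"
+
+CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
+
+# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
+# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
+CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
+Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
+
+CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
+CVE_STATUS[CVE-2023-51767] = "upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."
+
+PAM_SRC_URI = "file://sshd"
+
+inherit manpages useradd update-rc.d update-alternatives systemd
+
+USERADD_PACKAGES = "${PN}-sshd"
+USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
+INITSCRIPT_PACKAGES = "${PN}-sshd"
+INITSCRIPT_NAME:${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
+
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE:${PN}-sshd = "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', '', d)} ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', '', d)}"
+
+inherit autotools-brokensep ptest pkgconfig
+
+# systemd-sshd-socket-mode means installing sshd.socket
+# and systemd-sshd-service-mode corresponding to sshd.service
+PACKAGECONFIG ??= "systemd-sshd-socket-mode hostkey-ecdsa"
+PACKAGECONFIG[fido2] = "--with-security-key-builtin,--disable-security-key,libfido2"
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+PACKAGECONFIG[systemd-sshd-socket-mode] = ""
+PACKAGECONFIG[systemd-sshd-service-mode] = ""
+PACKAGECONFIG[hostkey-rsa] = ""
+PACKAGECONFIG[hostkey-ecdsa] = ""
+PACKAGECONFIG[hostkey-ed25519] = ""
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+# login path is hardcoded in sshd
+EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+ --without-zlib-version-check \
+ --with-privsep-path=${localstatedir}/run/sshd \
+ --sysconfdir=${sysconfdir}/ssh \
+ --with-xauth=${bindir}/xauth \
+ --disable-strip \
+ "
+
+# musl doesn't implement wtmp/utmp and logwtmp
+EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
+
+# Work around ICE on mips/mips64 starting in 9.6p1
+EXTRA_OECONF:append:mips = " --without-hardening"
+EXTRA_OECONF:append:mips64 = " --without-hardening"
+
+# Work around ICE on powerpc64le starting in 9.6p1
+EXTRA_OECONF:append:powerpc64le = " --without-hardening"
+
+# Since we do not depend on libbsd, we do not want configure to use it
+# just because it finds libutil.h. But, specifying --disable-libutil
+# causes compile errors, so...
+CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
+
+# passwd path is hardcoded in sshd
+CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
+
+# We don't want to depend on libblockfile
+CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
+
+do_configure:prepend () {
+ export LD="${CC}"
+ install -m 0644 ${UNPACKDIR}/sshd_config ${B}/
+ install -m 0644 ${UNPACKDIR}/ssh_config ${B}/
+}
+
+do_compile_ptest() {
+ oe_runmake regress-binaries regress-unit-binaries
+}
+
+sshd_hostkey_setup() {
+ # Enable specific ssh host keys
+ sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config
+ if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
+ echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
+ echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
+ echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
+ if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
+ echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
+ echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
+ echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ fi
+}
+
+do_install:append () {
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+ install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+ sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
+ sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${UNPACKDIR}/init ${D}${sysconfdir}/init.d/sshd
+ rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
+ rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
+ install -d ${D}/${sysconfdir}/default/volatiles
+ install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+ install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
+
+ # Create config files for read-only rootfs
+ install -d ${D}${sysconfdir}/ssh
+ install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
+
+ install -d ${D}${systemd_system_unitdir}
+ if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then
+ install -c -m 0644 ${UNPACKDIR}/sshd.socket ${D}${systemd_system_unitdir}
+ install -c -m 0644 ${UNPACKDIR}/sshd@.service ${D}${systemd_system_unitdir}
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${systemd_system_unitdir}/sshd.socket
+ fi
+ if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','true','false',d)}; then
+ install -c -m 0644 ${UNPACKDIR}/sshd.service ${D}${systemd_system_unitdir}
+ fi
+ install -c -m 0644 ${UNPACKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${systemd_system_unitdir}/*.service
+
+ sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${sysconfdir}/init.d/sshd
+
+ install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
+ sshd_hostkey_setup
+}
+
+do_install_ptest () {
+ sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
+ cp -r regress ${D}${PTEST_PATH}
+ cp config.h ${D}${PTEST_PATH}
+}
+
+ALLOW_EMPTY:${PN} = "1"
+
+PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
+FILES:${PN}-scp = "${bindir}/scp.${BPN}"
+FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES:${PN}-sshd = "${sbindir}/sshd ${libexecdir}/sshd-session ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}"
+FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys ${libexecdir}/sshd-auth"
+FILES:${PN}-sftp = "${bindir}/sftp"
+FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
+FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
+FILES:${PN}-keygen = "${bindir}/ssh-keygen"
+
+RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen ${PN}-sftp-server"
+RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed coreutils openssl-bin"
+
+RPROVIDES:${PN}-ssh = "ssh"
+RPROVIDES:${PN}-sshd = "sshd"
+
+RCONFLICTS:${PN} = "dropbear"
+RCONFLICTS:${PN}-sshd = "dropbear"
+
+CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+
+ALTERNATIVE_PRIORITY = "90"
+ALTERNATIVE:${PN}-scp = "scp"
+ALTERNATIVE:${PN}-ssh = "ssh"
+
+BBCLASSEXTEND += "nativesdk"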
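Review bot: In `sshd_hostkey_setup`, `sed -i '/HostKey/d'` is unanchored, so it deletes every line that merely contains that string; a `HostKeyAlgorithms` or `HostKeyAgent` setting (or any comment mentioning HostKey) would be dropped from both `sshd_config` and `sshd_config_readonly` without notice. Anchoring the pattern to the directive keeps such policy lines intact: `sed -i -e '/^[#[:space:]]*HostKey[[:space:]]/d'`. Separately, the three `EXTRA_OECONF:append:<arch> = " --without-hardening"` lines switch off the configure-time hardening flags for mips, mips64 and powerpc64le with only an "ICE" comment; a compiler-bug reference or affected compiler version in that comment would let the workaround be removed once it is no longer needed.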
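diff --git a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb b/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
deleted file mode 100644
index 676a8a6533..0000000000
--- a/meta/recipes-connectivity/openssh/openssh_8.4p1.bb
+++ /dev/null
@@ -1,179 +0,0 @@
-SUMMARY = "A suite of security-related network utilities based on \
-the SSH protocol including the ssh client and sshd server"
-DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
-Ssh (Secure Shell) is a program for logging into a remote machine \
-and for executing commands on a remote machine."
-HOMEPAGE = "http://www.openssh.com/"
-SECTION = "console/network"
-LICENSE = "BSD & ISC & MIT"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3"
-
-DEPENDS = "zlib openssl virtual/crypt"
-DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-
-SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
- file://sshd_config \
- file://ssh_config \
- file://init \
- ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
- file://sshd.socket \
- file://sshd@.service \
- file://sshdgenkeys.service \
- file://volatiles.99_sshd \
- file://run-ptest \
- file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
- file://sshd_check_keys \
- file://add-test-support-for-busybox.patch \
- "
-SRC_URI[sha256sum] = "5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24"
-
-# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
-# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
-CVE_CHECK_WHITELIST += "CVE-2014-9278"
-
-PAM_SRC_URI = "file://sshd"
-
-inherit manpages useradd update-rc.d update-alternatives systemd
-
-USERADD_PACKAGES = "${PN}-sshd"
-USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
-INITSCRIPT_PACKAGES = "${PN}-sshd"
-INITSCRIPT_NAME_${PN}-sshd = "sshd"
-INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
-
-SYSTEMD_PACKAGES = "${PN}-sshd"
-SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
-
-inherit autotools-brokensep ptest
-
-PACKAGECONFIG ??= "rng-tools"
-PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
-PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
-PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
-PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
-
-# Add RRECOMMENDS to rng-tools for sshd package
-PACKAGECONFIG[rng-tools] = ""
-
-EXTRA_AUTORECONF += "--exclude=aclocal"
-
-# login path is hardcoded in sshd
-EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
- ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
- --without-zlib-version-check \
- --with-privsep-path=${localstatedir}/run/sshd \
- --sysconfdir=${sysconfdir}/ssh \
- --with-xauth=${bindir}/xauth \
- --disable-strip \
- "
-
-# musl doesn't implement wtmp/utmp
-EXTRA_OECONF_append_libc-musl = " --disable-wtmp"
-
-# Since we do not depend on libbsd, we do not want configure to use it
-# just because it finds libutil.h. But, specifying --disable-libutil
-# causes compile errors, so...
-CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
-
-# passwd path is hardcoded in sshd
-CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
-
-# We don't want to depend on libblockfile
-CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
-
-do_configure_prepend () {
- export LD="${CC}"
- install -m 0644 ${WORKDIR}/sshd_config ${B}/
- install -m 0644 ${WORKDIR}/ssh_config ${B}/
-}
-
-do_compile_ptest() {
- # skip regress/unittests/ binaries: this will silently skip
- # unittests in run-ptests which is good because they are so slow.
- oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \
- regress/check-perm regress/mkdtemp
-}
-
-do_install_append () {
- if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
- install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
- sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
- fi
-
- if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
- sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
- fi
-
- install -d ${D}${sysconfdir}/init.d
- install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
- rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
- rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
- install -d ${D}/${sysconfdir}/default/volatiles
- install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
- install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
-
- # Create config files for read-only rootfs
- install -d ${D}${sysconfdir}/ssh
- install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
- sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
- echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
- echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
- echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
-
- install -d ${D}${systemd_unitdir}/system
- install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
- install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
- install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
- sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
- -e 's,@SBINDIR@,${sbindir},g' \
- -e 's,@BINDIR@,${bindir},g' \
- -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
- ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
-
- sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
- ${D}${sysconfdir}/init.d/sshd
-
- install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
-}
-
-do_install_ptest () {
- sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
- cp -r regress ${D}${PTEST_PATH}
-}
-
-ALLOW_EMPTY_${PN} = "1"
-
-PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
-FILES_${PN}-scp = "${bindir}/scp.${BPN}"
-FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
-FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
-FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
-FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
-FILES_${PN}-sftp = "${bindir}/sftp"
-FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
-FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
-FILES_${PN}-keygen = "${bindir}/ssh-keygen"
-
-RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
-RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RRECOMMENDS_${PN}-sshd_append_class-target = "\
- ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
-"
-
-# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
-
-RPROVIDES_${PN}-ssh = "ssh"
-RPROVIDES_${PN}-sshd = "sshd"
-
-RCONFLICTS_${PN} = "dropbear"
-RCONFLICTS_${PN}-sshd = "dropbear"
-
-CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
-CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
-
-ALTERNATIVE_PRIORITY = "90"
-ALTERNATIVE_${PN}-scp = "scp"
-ALTERNATIVE_${PN}-ssh = "ssh"
-
-BBCLASSEXTEND += "nativesdk"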